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CLAIMS 

1. A server-based, computer implemented method for detecting and 
eliminating invalid server-supplied data from client machines comprising the following 
steps performed following the receipt of a request for services from a client web browser 
which request is accompanied by server data placed on the client web machine via 
commands for the web browser included in transport protocol response headers sent by 
the server or by related servers on earlier occasions: 

scanning the server data which is received from the client web browser to identify 
invalid data; 

determining an identifier that accompanies any data which is invalid; and 
as part of a server response sent to the client web browser, including in the 
response a command or commands that causes only the invalid data, identified by the 
identifier, to be neutralized. 

2. A method in accordance with claim 1, wherein the method is applied to the 
detection and neutralization of one or more cookies supplied by the server or related 
servers to client web browsers and, when its data and name is later returned by a 
particular client web browser to the server, is found to contain invalid data, and wherein 
only cookies containing invalid data, identified by name, are neutralized. 

3. A method in accordance with claim 1, wherein the server data 
accompanying a request for services received from a client web browser contains one or 
more separate sets of data each including a name and a data value, and wherein the 
command or commands sent to the client as part of a response to the client includes one or 
more commands each of which identifies by name a set of data that contains invalid data 
and that is to be neutralized, whereby other sets of data containing valid data are not 
neutralized. 

4. A method in accordance with claim 3, wherein neutralization is carried out 
by sending to a client a command that places on the client a new data set associated with a 
name for a data set containing invalid data and a domain identifier of the server or of the 
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related servers, the new data set containing no erroneous data, whereby the new data set 
displaces the erroneous data set and thereby neutralizes the erroneous data set. 

5. A method in accordance with claim 1, wherein server data placed on a 
client machine via commands sent to a client web browser includes an expiration date, and 
wherein neutralization is accomplished by adjusting the expiration date to a valve that 
neutralizes the invalid data through expiration. 

6. A method in accordance with claim 5, wherein the expiration date is set to 

zero. 

7. A method in accordance with claim 5, wherein the expiration date is set to 
a date equal to or earlier than the date when the one or more commands is sent back to the 
client. 

8. A method in accordance with claim 1, wherein the invalid data comprises 
data whose value corresponds to one or more printable character identification codes 
which match codes contained in a list of invalid character codes. 

9. A method m accordance with claim 1, wherein the data transfer protocol is 
HTTP or an equivalent protocol, the data received comprises one or more data sets 
preceded by a "Cookie:" command or its equivalent, and separated by semi-colons or 
some other equivalent separator and of the form "NAME = VALUE" or some equivalent 
form, and wherein the neutralization of such data is achieved by returning one or more 
commands "Set-cookie:" or its equivalent, each including at least a first expression 
followed by one or more expressions, separated by semi-colons or some equivalent 
separator, of the form " NAME = VALUE" or its equivalent where NAME is the name 
associated with invalid data and VALUE is valid data which may be no data. 

10. A method in accordance with claim 9, in which the command "Set-cookie: " 
or its equivalent is also followed by an expression " domain = DOM AIN_NAME" or its 
equivalent where DOMAIN NAME identifies the server or group of related servers. 
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11. A method in accordance with claim 10, in which the command "Set- 
cookie:" or its equivalent is also followed by an expression " expires = DATE" or its 
equivalent where DATE is a date or its equivalent adjusted to neutralize the invalid data 
values by the client web browser. 

12. A computer program containing instructions enabling it to cause a server to 
carry out the method steps as in claim 1 . 

13. A system for detecting and eliminating invalid data from client web 
browsers comprising: 

a server designed to communicate over a network with clients; 

a client message receiver and transmitter on the server that is arranged to receive 
and to process incoming client messages and to transmit return messages back to clients; 

a scanner that scans at least some messages flowing into the server coming from 
clients over the network and including a detector that can detect incoming server data 
returned to the server by the client and originally supplied to the client on earlier 
occasions by the server or by a related server; 

a data integrity tester that tests the integrity of such incoming server data; and 

a message insertion conraiand generator placed into operation when the data 
integrity tester identifies invalid data in such incoming server data that causes the message 
receiver and transmitter, when transmitting a return message back to a client from which 
invalid data was received, to include within the return message one or more commands 
that causes the client to neutralized the invalid data without neutralizing other valid data. 

14. A system in accordance with claim 13, wherein the system is applied to the 
detection and neutralization of one or more cookies supplied by the server or related 
servers to client web browsers and, when its data and name is later remrned by a 
particular client web browser to the server, is found to contain invalid data, and wherein 
only cookies containing invalid data, identified by name, are neutralized. 

15. A system in accordance with claim 13, wherein the server data 
accompanying a request for services received from a client contains one or more separate 
sets of data each including a name and a data value, and wherein the command or 

23 



Attorney Docket No. 10007452-1 



commands sent to the client as part of a response to the client includes one or more 
commands each of which identifies by name a set of data that contains invalid data and 
that is to be neutralized, whereby other sets of data containing invalid data are not 
neutralized. 

16. A system in accordance with claim 15, wherein neutralization is carried out 
by sending to a client a command that places on the client machine a new data set 
associated with a name for the data set and a domain identifier of the server or of related 
servers, the new data set containing no erroneous data, whereby the new data set displaces 
the erroneous data set and thereby neutralizes the erroneous data set. 

17. A system in accordance with claim 13, wherein server data placed on a 
client mcludes an expiration date, and wherein neutralization is accomplished by adjusting 
the expiration date to a valve that neutralizes the invalid data through expiration. 

18. A system in accordance with claim 17, wherein the expiration date is set to 

zero. 

19. A system in accordance with claim 17, wherein the expiration date is set to 
a date equal to or earlier than the date when the one or more commands are sent back to 
the client. 

20. A system in accordance with claim 13, wherein invalid data comprises data 
whose value corresponds to one or more printable character identification codes which 
match codes contained in a list of invalid character codes. 

21 . A system in accordance with claim 13, wherein the data transfer protocol is 
HTTP or an equivalent protocol, the data received comprises one or more data sets 
preceded by "Cookie:" or an equivalent command and separated by semicolons or an 
equivalent separator and of the form "NAME = VALUE" or an equivalent form, and 
where the neutralization of such data is achieved by returning the command "Set-cookie:" 
or an equivalent command including at least a first expression followed by one or more 
expressions separated by semicolons or an equivalent separator of the form 
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" NAME = VALUE" or an equivalent form where NAME is the name associated with 
invalid data and VALUE is valid data or no data. 

22. A system in accordance with claim 21 , in which the command "Set- 
cookie:" or its equivalent is also followed by an expression " domain =DOMAIN_NAME" 
or an equivalent expression, where DOMAIN_NAME identifies the server or group of 
related servers. 

23. A system in accordance with claim 22, in which the command "Set- 
cookie:" or its equivalent is also followed by an expression "expu-es=DATE" or an 
equivalent expression, where DATE is a date value or its equivalent adjusted to neutralize 
the data value at the client. 

24. A system in accordance with claim 21, in which the command "Set- 
cookie:" is also followed by an expression " expires = DATE" where DATE is a date 
adjusted to neutralize the data value by the client browser. 
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